
The TLS certificate used for LDAPS must be issued by Active Directory Certificate Services (AD CS). The root CA certificate exported below is what the Swarm Content Gateway servers will trust when validating the domain controller's LDAPS certificate.

Export Root CA from Active Directory Server

  1. Log into the Active Directory domain server as a Domain Administrator:

    1. Open the Certification Authority Microsoft Management Console (MMC) snap-in from Start > Windows Administrative Tools > Certification Authority

    2. Right-click on the CA Server and select Properties:

    3. Select View Certificate from the General menu:


    4. Select Details followed by Copy to File…:


    5. Use the Certificate Export Wizard to save the CA certificate file:

    6. Select Next followed by Base-64 encoded X.509 (.CER):

    7. Select Browse to choose the path where the root CA certificate file is saved:

    8. Select Next.

...

  1. Download the acert certificate verification utility to each Swarm Content Gateway server and verify the downloaded file against the SHA-256 checksum published on the Duo Certificate Verification Utility website before running it:

    Code Block
    cd /root/datacore
    curl -fLO https://dl.duosecurity.com/acert-linux
    # Compare this digest with the SHA-256 value published by Duo before executing the binary
    sha256sum acert-linux
    chmod +x acert-linux
  2. Verify all Swarm Content Gateway servers can reach the Active Directory server using tools such as ping, traceroute, or equivalent. Note that ICMP reachability does not prove that TCP port 636 is open; the acert and curl checks below are what confirm the LDAPS port itself is reachable.

  3. Run the following command to verify the LDAPS certificate:

    Code Block
    ./acert-linux -host ad.acme.local -port 636

Alternatively, test with curl. Do not add -k/--insecure: the point of the test is that curl validates the server certificate chain against the CA bundle shown in the output (CAfile), so the exported root CA must already be trusted on the gateway server and the hostname in the URL must match the certificate. A simple bind is performed with the supplied DN, so the password is sent over the TLS connection and curl will prompt for it:

Code Block
curl "ldaps://acme.local:636/dc=acme,dc=local" -u "CN=administrator,CN=Users,DC=acme,DC=local" -vvv

Output:

Code Block
Enter host password for user 'CN=administrator,CN=Users,DC=acme,DC=local':
* About to connect() to acme.local port 636 (#0)
*   Trying 172.16.30.88...
* Connected to acme.local (172.16.30.88) port 636 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: (nil)
*       start date: Jul 16 12:37:51 2023 GMT
*       expire date: Jul 16 12:47:51 2025 GMT
*       common name: (nil)
*       issuer: CN=acme-W2K19AD01-CA,DC=acme,DC=local
* LDAP local: ldaps://acme.local:636/dc=acme,dc=local
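
The acert and curl checks above answer one question: does the gateway trust the chain presented on port 636? The following Python script is an added example, not part of the original page or the Swarm product, that performs the same chain and hostname validation using only the exported root CA (rather than the whole system bundle) and additionally reports SAN coverage and days until expiry, which is the usual reason an LDAPS connection that worked last year stops working. The host name ad.acme.local, the file root-ca.cer, and the sample certificate dictionary are assumptions; the sample mirrors the issuer and validity dates shown in the curl output above.

```python
"""Verify an LDAPS endpoint against an exported AD root CA and report
hostname coverage and remaining validity. Added example; not product code."""
import socket
import ssl
import sys
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert(),
# mirroring the issuer and validity period shown in the curl output above.
# The SAN entries are assumptions for illustration.
SAMPLE_PEER_CERT = {
    "subject": (),
    "issuer": (
        (("commonName", "acme-W2K19AD01-CA"),),
        (("domainComponent", "acme"),),
        (("domainComponent", "local"),),
    ),
    "notBefore": "Jul 16 12:37:51 2023 GMT",
    "notAfter": "Jul 16 12:47:51 2025 GMT",
    "subjectAltName": (("DNS", "ad.acme.local"), ("DNS", "acme.local")),
}


def san_dns_names(cert):
    """Return the dNSName entries from the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_covered(cert, hostname):
    """True if hostname matches a SAN dNSName exactly or via a single
    leftmost wildcard label (*.acme.local matches ad.acme.local only)."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names(cert):
        name = name.lower()
        if name == host:
            return True
        if (name.startswith("*.")
                and host.count(".") == name.count(".")
                and host.endswith(name[1:])):
            return True
    return False


def issuer_cn(cert):
    """Return the issuer's commonName, e.g. the AD CS CA name."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def validity_days(cert):
    """Total validity period of the certificate in days."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) / 86400


def days_until_expiry(cert, now=None):
    """Days remaining until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def fetch_ldaps_cert(host, port=636, cafile=None, timeout=5.0):
    """Open a TLS connection to host:port, validating the chain against cafile
    (the exported root CA; only that CA is trusted when cafile is given) and
    the hostname. Raises ssl.SSLCertVerificationError on an untrusted chain
    or a name mismatch, which is exactly the failure acert/curl would report."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(cert, host):
    """Summarise the checks a practitioner wants before enabling LDAPS."""
    return {
        "issuer": issuer_cn(cert),
        "san": san_dns_names(cert),
        "hostname_covered": hostname_covered(cert, host),
        "days_until_expiry": round(days_until_expiry(cert), 1),
    }


if __name__ == "__main__":
    # Usage: python ldaps_check.py ad.acme.local root-ca.cer   (names assumed)
    target = sys.argv[1] if len(sys.argv) > 1 else "ad.acme.local"
    ca_file = sys.argv[2] if len(sys.argv) > 2 else "root-ca.cer"
    print(report(fetch_ldaps_cert(target, cafile=ca_file), target))
```

Passing the exported root CA as cafile is deliberately stricter than the curl test above: with a cafile, create_default_context does not load the system bundle, so a successful connection proves the chain terminates at the AD CS root you exported and not at some other CA that happens to be in /etc/pki/tls/certs/ca-bundle.crt.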

Configure LDAPS on Swarm Content Gateway

...